PHP Security Update Advisory

Jun 10 2024

Overview

An update has been released to address vulnerability in PHP. Users of affected versions are advised to update to the latest version.

Affected Products

PHP 8.3 versions prior to 8.3.8
PHP 8.2 versions prior to 8.2.20
PHP 8.1 versions prior to 8.1.29

Resolved Vulnerabilities

PHP-CGI Argument Injection Vulnerability (CVE-2024-4577) when using Apache and PHP-CGI on Windows, when the system is set to use a specific code page, the Windows Win32 API functions use the “Best-Fit” function to replace characters in the specified command line

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability patched version.

PHP versions 8.3.8, 8.2.20, and 8.1.29

Referenced Sites

[1] CVE-2024-4577 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-4577

[2] cve-2024-4577

https://github.com/watchtowrlabs/CVE-2024-4577

[3] CVE-2024-4577: Proof of Concept Available for PHP-CGI Argument Injection Vulnerability

https://www.tenable.com/blog/cve-2024-4577-proof-of-concept-available-for-php-cgi-argument-injection-vulnerability

[4] Security Alert: CVE-2024-4577 – PHP CGI Argument Injection Vulnerability

https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/

PHP Security Update Advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Apple Product Security Update Advisory

Linux Kernel Security Update Advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

Apple Product Security Update Advisory

Linux Kernel Security Update Advisory